One interesting application of the invention is in services referred to as recipherment designed to receive an encrypted content from a first entity and to transmit it encrypted for the attention of a second entity.
In symmetric cryptography, the transmitter and the receiver of a message share the knowledge of the same secret key K. The latter allows the transmitter to transform a plaintext message into a cryptogram, or ciphertext message, and the receiver to recover the plaintext message starting from the ciphertext message.
Some applications require an intermediate entity between the transmitter and the receiver to convert a first ciphertext C1 of a plaintext message M, obtained by a first entity U1 by means of a first secret key K1, into a second ciphertext C2 of the same plaintext message M by means of a second secret key K2 for a second entity U2. The second entity U2 that holds the second secret key K2 is capable of obtaining the plaintext message by decrypting the second ciphertext C2. One example of such a service consists of a remote storage service for contents. The first entity transmits data encrypted by means of its secret key K1 to a remote storage server. Subsequently, the first entity U1 wishes to grant a second entity U2 access to its data without revealing its secret key to this entity. One obvious way of proceeding consists in transmitting to the intermediate entity, in this case the remote server, the secret keys K1 and K2 of the two entities in order that the intermediate entity decrypts, by means of the key K1, the first ciphertext C1 in order to obtain the plaintext message M, then encrypts by means of the secret key K2 of the second entity the message M obtained for the attention of the second entity U2. However, by proceeding in this manner, the intermediate entity becomes aware of the plaintext message M. Moreover, the intermediate entity holds the respective secret keys of the entities. It is however understandable that users who wish to implement such a service might not trust the intermediate entity. Thus, it is understandable that users would wish, for reasons of confidentiality, to have the guarantee that the intermediate entity cannot access the unencrypted message and that, furthermore, they would not wish, for reasons of security, to transmit their secret key to the intermediate entity.
The obvious way of proceeding may not therefore be suitable. But no method exists that allows re-encryption for another user in the framework of secret key cryptography.